From owner-freebsd-security@FreeBSD.ORG Wed Nov 26 09:35:12 2003
From: Lowell Gilbert
To: Mike Tancsa
Cc: freebsd-security@freebsd.org
Date: 26 Nov 2003 12:35:06 -0500
Subject: Re: perms of /dev/uhid0

Mike Tancsa writes:

> if (!(pwent = getpwnam("nobody")))
> {
>     fprintf(stderr, "There must be a user called nobody for this program to work!");
>     exit(1);
> }

It would be safer to create a different user specifically for this purpose.
Otherwise, something else running as nobody might have access to more
privileges than it was intended for...

From owner-freebsd-security@FreeBSD.ORG Mon Dec 1 06:29:41 2003
From: "Jacques A. Vidrine"
To: Дейтер Александр Валериевич
Cc: freebsd-security@freebsd.org
Date: Mon, 1 Dec 2003 08:29:36 -0600
Subject: Re: Kerberized applications in FreeBSD 5.x

On Fri, Nov 28, 2003 at 02:56:27PM +0300, Дейтер Александр Валериевич wrote:
> In FreeBSD 5.x only telnet/telnetd works 'out of box' with kerberos.
> Why ftp/ftpd, ssh/sshd and cvs do not support kerberos ?

Actually, `cvs' does support Kerberos via GSSAPI in FreeBSD 5.2.
Expect OpenSSH to support Kerberos via GSSAPI in FreeBSD 5.3.
FTP is tricky--- I'm not touching it until we decide which FTP is the
*real* FTP.

Cheers,
--
Jacques Vidrine NTT/Verio SME FreeBSD UNIX Heimdal
nectar@celabo.org jvidrine@verio.net nectar@freebsd.org nectar@kth.se

From owner-freebsd-security@FreeBSD.ORG Mon Dec 1 06:43:08 2003
From: Tillman Hodgson
To: freebsd-security@freebsd.org
Date: Mon, 1 Dec 2003 08:43:04 -0600
Subject: Re: Kerberized applications in FreeBSD 5.x

On Mon, Dec 01, 2003 at 08:29:36AM -0600, Jacques A. Vidrine wrote:
> FTP is tricky--- I'm not touching it until we decide which FTP is the
> *real* FTP.

Could you explain this a bit further? I'm pretty familiar with Kerberos
and I wasn't aware of this issue. I think I might be mis-parsing your
email to mean "competing standards" when it might mean "competing
clients", in which case it makes more sense :-)

-T

--
The mere sense of living is joy enough.
Emily Dickinson

From owner-freebsd-security@FreeBSD.ORG Mon Dec 1 07:00:30 2003
From: "Jacques A. Vidrine"
To: Tillman Hodgson
Cc: freebsd-security@freebsd.org
Date: Mon, 1 Dec 2003 09:00:07 -0600
Subject: Re: Kerberized applications in FreeBSD 5.x

On Mon, Dec 01, 2003 at 08:43:04AM -0600, Tillman Hodgson wrote:
> On Mon, Dec 01, 2003 at 08:29:36AM -0600, Jacques A. Vidrine wrote:
> > FTP is tricky--- I'm not touching it until we decide which FTP is the
> > *real* FTP.
>
> Could you explain this a bit further? I'm pretty familiar with Kerberos
> and I wasn't aware of this issue. I think I might be mis-parsing your
> email to mean "competing standards" when it might mean "competing
> clients", in which case it makes more sense :-)

Yes, sorry--- we have more than one FTP implementation in FreeBSD.

Cheers,
--
Jacques Vidrine NTT/Verio SME FreeBSD UNIX Heimdal
nectar@celabo.org jvidrine@verio.net nectar@freebsd.org nectar@kth.se

From owner-freebsd-security@FreeBSD.ORG Mon Dec 1 08:45:24 2003
From: Mark Murray
To: Дейтер Александр Валериевич
Cc: freebsd-security@freebsd.org
Date: Mon, 01 Dec 2003 08:59:02 +0000
Subject: Re: Kerberized applications in FreeBSD 5.x

Дейтер Александр Валериевич writes:
> In FreeBSD 5.x only telnet/telnetd works 'out of box' with kerberos.
> Why ftp/ftpd, ssh/sshd and cvs do not support kerberos ?

You need to turn it on by hand in /etc/pam.d/*. It's not on by default,
because that would cause nasty delays in PAM.

M
--
Mark Murray
iumop ap!sdn w,I idlaH

From owner-freebsd-security@FreeBSD.ORG Mon Dec 1 10:02:46 2003
From: "Jacques A. Vidrine"
To: Mark Murray
Cc: freebsd-security@freebsd.org, Дейтер Александр Валериевич
Date: Mon, 1 Dec 2003 12:02:02 -0600
Subject: Re: Kerberized applications in FreeBSD 5.x

On Mon, Dec 01, 2003 at 08:59:02AM +0000, Mark Murray wrote:
> Дейтер Александр Валериевич writes:
> > In FreeBSD 5.x only telnet/telnetd works 'out of box' with kerberos.
> > Why ftp/ftpd, ssh/sshd and cvs do not support kerberos ?
>
> You need to turn it on by hand in /etc/pam.d/*. It's not on by default,
> because that would cause nasty delays in PAM.

I think he meant *actual* Kerberos support i.e. at the protocol level,
not just password-authentication-via-Kerberos.

Cheers,
--
Jacques Vidrine NTT/Verio SME FreeBSD UNIX Heimdal
nectar@celabo.org jvidrine@verio.net nectar@freebsd.org nectar@kth.se

From owner-freebsd-security@FreeBSD.ORG Mon Dec 1 21:18:07 2003
From: Дейтер Александр Валериевич
To: "Mark Murray"
Cc: freebsd-security@freebsd.org
Date: Tue, 2 Dec 2003 08:17:51 +0300
Subject: Re: Kerberized applications in FreeBSD 5.x

> > In FreeBSD 5.x only telnet/telnetd works 'out of box' with kerberos.
> > Why ftp/ftpd, ssh/sshd and cvs do not support kerberos ?
> You need to turn it on by hand in /etc/pam.d/*. It's not on by default,
> because that would cause nasty delays in PAM.

No. I meant support at the protocol level.
Thanks!

From owner-freebsd-security@FreeBSD.ORG Mon Dec 1 21:20:20 2003
From: Дейтер Александр Валериевич
To: "Jacques A. Vidrine"
Cc: freebsd-security@FreeBSD.org
Date: Tue, 2 Dec 2003 08:20:02 +0300
Subject: Re: Kerberized applications in FreeBSD 5.x

> > You need to turn it on by hand in /etc/pam.d/*. It's not on by default,
> > because that would cause nasty delays in PAM.
>
> I think he meant *actual* Kerberos support i.e. at the protocol level,
> not just password-authentication-via-Kerberos.

Yes of course!
Thanks!

From owner-freebsd-security@FreeBSD.ORG Tue Dec 2 05:05:13 2003
From: des@des.no (Dag-Erling Smørgrav)
To: Tillman Hodgson
Cc: freebsd-security@freebsd.org
Date: Tue, 02 Dec 2003 14:04:59 +0100
Subject: Re: Kerberized applications in FreeBSD 5.x

Tillman Hodgson writes:
> Could you explain this a bit further? I'm pretty familiar with Kerberos
> and I wasn't aware of this issue. I think I might be mis-parsing your
> email to mean "competing standards" when it might mean "competing
> clients", in which case it makes more sense :-)

Competing servers, actually.

DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@FreeBSD.ORG Tue Dec 2 11:16:46 2003
From: Dorin H
To: freebsd-security@freebsd.org
Date: Tue, 2 Dec 2003 11:16:38 -0800 (PST)
Subject: GnuPG 1.2.3 vulnerable?

Hi there,

Is the gpg FreeBSD port vulnerable to ElGamal signing
key disclosure problem?
Info:
http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html

Thank you,
/Dorin.

From owner-freebsd-security@FreeBSD.ORG Tue Dec 2 11:23:19 2003
From: Brooks Davis
To: Dorin H
Cc: freebsd-security@freebsd.org
Date: Tue, 2 Dec 2003 11:23:10 -0800
Subject: Re: GnuPG 1.2.3 vulnerable?

On Tue, Dec 02, 2003 at 11:16:38AM -0800, Dorin H wrote:
> Hi there,
>
> Is the gpg FreeBSD port vulnerable to ElGamal signing
> key disclosure problem?
> Info:
> http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html

The latest commit log says:

*** Security Update (not fix, only workaround) ***

Disable the ability to create signatures using the ElGamal
sign+encrypt (type 20) keys as well as to remove the option
to create such keys.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

From owner-freebsd-security@FreeBSD.ORG Tue Dec 2 11:40:10 2003
From: =?big5?q?=A6=BF=A9v=C0=AE?=
To: freebsd-security@freebsd.org
Date: Wed, 3 Dec 2003 03:40:06 +0800 (CST)
Subject: UnScribed

--- Brooks Davis wrote:
> On Tue, Dec 02, 2003 at 11:16:38AM -0800, Dorin H wrote:
> > Hi there,
> >
> > Is the gpg FreeBSD port vulnerable to ElGamal signing
> > key disclosure problem?
> > Info:
> > http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html
>
> The latest commit log says:
>
> *** Security Update (not fix, only workaround) ***
>
> Disable the ability to create signatures using the ElGamal
> sign+encrypt (type 20) keys as well as to remove the option
> to create such keys.
>
> -- Brooks
>
> --
> Any statement of the form "X is the one, true Y" is FALSE.
> PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
>
> ATTACHMENT part 2 application/pgp-signature

From owner-freebsd-security@FreeBSD.ORG Thu Dec 4 06:59:52 2003
From: Kris Kennaway
To: security@FreeBSD.org
Date: Thu, 4 Dec 2003 06:59:48 -0800
Subject: [kris@FreeBSD.org: cvs commit: ports/net/rsync Makefile distinfo]

FYI

----- Forwarded message from Kris Kennaway -----

From: Kris Kennaway
Date: Thu, 4 Dec 2003 06:45:06 -0800 (PST)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/net/rsync Makefile distinfo

kris 2003/12/04 06:45:06 PST

  FreeBSD ports repository

  Modified files:
    net/rsync Makefile distinfo
  Log:
  Security update to rsync 2.5.7. This fixes a remotely-exploitable
  heap overflow, see http://rsync.samba.org/ for the details.

  Revision  Changes  Path
  1.87      +1 -2    ports/net/rsync/Makefile
  http://cvsweb.FreeBSD.org/ports/net/rsync/Makefile.diff?r1=1.86&r2=1.87
  1.34      +1 -1    ports/net/rsync/distinfo
  http://cvsweb.FreeBSD.org/ports/net/rsync/distinfo.diff?r1=1.33&r2=1.34

----- End forwarded message -----
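
Added example, not code from the thread or from FreeBSD: Lowell Gilbert's reply in the /dev/uhid0 thread at the top of this archive recommends a dedicated account instead of nobody, and the sketch below is one way a privilege drop to such an account can be written and checked. The account name _uhidd and the names check_account, drop_privileges and enum drop_result are hypothetical.

```c
#define _DEFAULT_SOURCE   /* glibc: declares setgroups(); harmless on FreeBSD */
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum drop_result {
    DROP_OK = 0,
    DROP_NO_SUCH_USER,     /* getpwnam() found nothing */
    DROP_SHARED_ACCOUNT,   /* "nobody": shared with unrelated daemons */
    DROP_PRIVILEGED_ID,    /* uid 0 or gid 0 would not be a drop at all */
    DROP_SYSCALL_FAILED,   /* setgroups/setgid/setuid returned an error */
    DROP_NOT_DROPPED       /* calls succeeded but the ids are not what we asked for */
};

/* Policy check on a passwd entry, kept separate so it can be tested without root. */
enum drop_result check_account(const struct passwd *pw)
{
    if (pw == NULL)
        return DROP_NO_SUCH_USER;
    if (strcmp(pw->pw_name, "nobody") == 0)
        return DROP_SHARED_ACCOUNT;
    if (pw->pw_uid == 0 || pw->pw_gid == 0)
        return DROP_PRIVILEGED_ID;
    return DROP_OK;
}

/* Permanently switch the process to the named dedicated account. */
enum drop_result drop_privileges(const char *account)
{
    struct passwd *pw = getpwnam(account);
    enum drop_result r = check_account(pw);
    if (r != DROP_OK)
        return r;

    /* Copy the ids: getpwnam() returns static storage. */
    uid_t uid = pw->pw_uid;
    gid_t gid = pw->pw_gid;

    /* Order matters: supplementary groups and gid must change while the
     * process still has the privilege to change them, uid goes last. */
    if (setgroups(1, &gid) != 0)
        return DROP_SYSCALL_FAILED;
    if (setgid(gid) != 0)
        return DROP_SYSCALL_FAILED;
    if (setuid(uid) != 0)
        return DROP_SYSCALL_FAILED;

    /* Verify the drop is permanent: regaining root must fail and all
     * real and effective ids must match the dedicated account. */
    if (setuid(0) == 0)
        return DROP_NOT_DROPPED;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return DROP_NOT_DROPPED;
    return DROP_OK;
}

int main(int argc, char **argv)
{
    /* "_uhidd" is a hypothetical dedicated account created for this one program. */
    const char *account = argc > 1 ? argv[1] : "_uhidd";
    enum drop_result r = drop_privileges(account);

    if (r != DROP_OK) {
        fprintf(stderr, "cannot drop privileges to %s (code %d)\n",
                account, (int)r);
        return 1;
    }
    printf("now running as uid %d gid %d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Run as root with the dedicated account as the argument; any result other than DROP_OK should stop the program before it opens the device.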